On Tue, 15 May 2001, Brad McConnell wrote:

|+I do a semi-classical arrangement.  We have two pipes to the net going to
|+two different switches.  I use SPAN to send all ingress traffic on the
|+external router to a port which I plug into a hub.  I then do the same on
|+the second pipe, and plug the IDS box running snort into the hub (thus, all
|+traffic in both directions can be read off one interface).

I want to do something similar, but our main feed comes into a 7202,
which in turn is connected to a 7206 via xover cable from FE to FE on each
router. The 7202 is our upstream and we don't have access to the CLI. The 7206
is ours.

What I was thinking was to plug both the 7206 and 7202 into a spare
2900XL switch we have, then plug my snort box into the switch as well. But
the 2900 does not have SPAN; it has a similar command called port monitor
that does the same thing that SPAN does.

Would this work? I would like to be able to use snort to see all our
incoming traffic destined for our machines this way. 

We see an avg load of about 6-7 megs/sec inbound and about 1.5-2 megs/sec
outbound.

Thanks,
Keith



